027a51a868ad06e2010dcc20e65350ceb5bf25a6d84f64fac5a0dc40aac1cbec

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17fd8ee19f498e23f8103b1655e7db14.exe
Size

1.8MB
MD5

17fd8ee19f498e23f8103b1655e7db14
SHA1

7f15034083410823fbf63dfedb52cdba2b32ed0e
SHA256

027a51a868ad06e2010dcc20e65350ceb5bf25a6d84f64fac5a0dc40aac1cbec
SHA512

0d7d9e8c673e88fe2ab458e2c1e36931f5d0808abe654d247afe18782ebc760f7e3e14c1b63a3d49c814d2fdcfe53c26afb65ecdecb8ecca3be27459dc27d556
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqn:SCqm2Jpr0nNM7Dus7Nxe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3780-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022791-5.dat	upx
behavioral2/memory/3780-358-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\AddEnter.shtml	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	17fd8ee19f498e23f8103b1655e7db14.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.exe	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	17fd8ee19f498e23f8103b1655e7db14.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	17fd8ee19f498e23f8103b1655e7db14.exe

C:\Users\Admin\AppData\Local\Temp\17fd8ee19f498e23f8103b1655e7db14.exe
"C:\Users\Admin\AppData\Local\Temp\17fd8ee19f498e23f8103b1655e7db14.exe"
1⤵
- Drops file in Program Files directory
PID:3780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
371KB

MD5
ce5eb0ac2dd50721b904ffbdb10ee12f

SHA1
ed491f4bf6b0b44e66896faf2c5e560573dbc951

SHA256
cf27ad19b76ab005318df28583c9f504beb72c4749017d48127299a2a64a2e54

SHA512
d12e40dca89f6de51c93f78371d7a746a64643d7103c1c0048a16d3e3e37644defebfe1c4568882cbbcd887d7c511ece1c3cfd231ba877f5dfd939dfd3d0c14d

Download Submit
memory/3780-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3780-358-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads